I'd blame the security guy for the wholesale manufacture of threats that don't exist. The battery cannot be made to catch fire or explode (as I explained earlier), nor is x86 code stored in/retrieved from the battery controller firmware. I do believe this is a case of Mr. Miller's ignorance and self interest getting the better of himself and a great many others.

You are stating this information as fact.

Either you are in a position to know these things, in which case you are likely not in a position to comment without breaking your employment contract, or you are making assumptions, in which case you should not state them as fact.

Regardless, believing that a battery's firmware cannot cause it to operate out of spec requires an unenviable dearth of imagination. Likewise believing that corrupt or malicious firmware cannot affect the operating system. Yes, indirectly invoking a code path that was not intended.

As to whether battery firmware can cause a fire, well, I'm not in a position to know, but just using my MacBook Pro under light load seems to come fairly close.

1) Miller has not released the technical details of the vulnerability yet. Nobody could create an exploit using only the data that has been released so far. Apple and Texas Instruments still have an opportunity to release a patch before the details are released.

2) When Miller does release the technical details, he has announced that he will also be releasing his own tool to plug the vulnerability at the same time. (This tool is something of a blunt instrument, though: it replaces the battery's password with a random string so no future legitimate Apple updates for future stability and feature improvements will work after installing Miller's patch. This is a tradeoff that each hardware owner would have to consider.)

Releasing his own “fix” is NOT as good as waiting for the vendor’s patch. He should wait for the vendor’s patch—that’s proper protocol and serves security (as opposed to self-promotion) the best. But he isn’t. I wonder what consequences will fall to people who apply his patch and can no longer receive REAL firmware updates?

And although he hasn’t released the details, he’s told the “bad guys” (if any) what to look for. In short, he’s done much to cause malware, and all the wrong things to stop it. Along with all of which, yes, he did catch and report a real problem... in the wrong way by any reasonable security standard. So, thanks to Miller for that. He’s still in the wrong with his self-serving timing choices.

And wrong in exaggerating what he’s found. (Hinting at fires/explosions, and injection of malware to the OS, neither of which this vulnerability can actually cause. He might as well say, “this issue can’t inject malware onto your Mac. But just imagine if there was some other bug too, in the OS itself... maybe that would be scarier and work hand-in-hand with this issue! Well, imagine away... it’s good for self-publicity!” What he should say is, “One could wonder whether this issue could cause even worse things. I have no idea. I see no mechanism by which a fire or explosion could happen, nor injection of malware to the OS, so I don’t want to exaggerate this falsely. But I don’t know for sure—those questions are outside my knowledge right now.” Or, he could simply not mention those hypothetical but scary-sounding “extras” at all yet, if he’s trying to be a professional and fact-based “researcher.”)

Proper protocol generally involves notifying the vendor and giving them a reasonable amount of time to distribute a fix. It does not require withholding the exploit until a fix has been distributed. The article states:

Quote:

Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue.

It's not clear when he notified Apple, but there is ample precedent for releasing details of an exploit when a vendor seems to be sandbagging on a fix. Notably, this has happened to Microsoft in response to IE exploits.

At the very least you are leaving out a lot of mitigating circumstances or other detail that would elucidate why Apple behaved in such an atypical manner for them. For instance it makes absolutely no sense at all that you bought an Apple computer with a battery in it that was "... from the batch that Sony recalled years ago." Unless you are explaining it incorrectly, that's just a plain old lie.

I contacted them via phone and was pushed up two levels of support. Upon which time my request for a replacement was refused, even though I had done the research regarding two different Apple battery recalls.

I then made a report to the CPSC and two months later I got a telephone call from a lady at the Apple home office. She arranged for the battery to be replaced after she got some photographs of it along with the serial number.

If my battery didn't come from the same manufacturing plant that made the original mistake then why is my replacement battery screwing up too? Sony made both of them.

Great.
Another hacker turned "security activist".
Only out to make a name for himself. Doesn't care about anyone else.
Hint: if he cared about security and users, he wouldn't release his findings to the general public.
All these hacktivists are simply out for themselves.
It is pretty sick.

This isn't just bad for Mac users, just announcing where he found the flaw means other hackers will probably start looking for similar flaws in other computer battery types. This could have a horribly devastating effect on all PC laptops as well. These guys really don't give a crap who they hurt getting their claim to fame.

But I do find your comments on this subject to be very informative. It's clear things aren't quite right with Miller's story in several ways.

There seems to be a presumption on the part of the person I responded to, and others, that this vulnerability is as described and that Apple must respond. In fact, the vulnerability is not as described and Apple's response would have to be a mix of addressing the true vulnerability (which is the potential bricking of batteries) and educating the masses in battery pack engineering. I expect Apple to address the vulnerability but I do not expect them to address the ignorance of would-be experts.

We still hear mention of the "faulty antenna" in the iPhone 4, which has been shown to be as good as any contemporary phone (several carriers recommend the iPhone 4 for fringe reception areas, which would be hard to explain if they thought the iPhone's reception was inferior).

As a design engineer of 35 years, and one that has designed LiPo charge systems and the instruments that control them (not dissimilar from a laptop), I am confident that Mr. Miller has overstated the problem significantly. I also expect that was the result of ignorance, not malice. Expertise in operating system security is not expertise in electrical engineering.

I have a 2007 MacBook and when it was about 26 months old it developed a fault of simply shutting down without notice. It only did this when on battery power. I took it to the Apple genius who plugged an iPod into my computer which ran a test program on the battery. He said it was defective. Not worn out, not past its number of cycles, but that it contained defective cells. He replaced the battery without question. I did have AppleCare, but that specifically excludes batteries. Your experience seems to be totally at odds with mine.

I didn't miss those things, they're just irrelevant. Number 1 is discountable because he's said when and where he's releasing it, which means he is prepared to do it before Apple and TI have patched it. Number 2 is irrelevant because his "solution", as you noted, simply replaces the password he's gotten a hold of with a random string, rendering the firmware unmodifiable. That's not a cure, that's first aid. It's bad first aid too, because it renders the cure impossible to administer. Besides which, Miller knows the vast majority of affected users will not know or care to apply his solution anyway, whereas everyone who wants to exploit the flaw will be paying attention to his method. He's arming the attackers with a rifle and saying it's okay because he's handing the victims a caulk gun (a humorously appropriate metaphor) to defend themselves with.

Cure and patch, in the context you used them, are not synonymous. Patch would be synonymous with treatment. "Take two aspirin and call me in the morning." A cure would mean that the security exploit would be eradicated forever, which, since it's a security issue, would be unwise to say. That's why the terms patch and fix are used; both imply temporary.

The point about them refusing to replace it is strange to me. It was several years ago but we had one battery that swelled up and they replaced the battery without question. We did have a battery that refused to hold a charge and the 'genius' ran tests and said that we had only unplugged it 12 times in 6 months (we were unplugging it daily) and we had to push a bit but they replaced it after some consulting with each other.

If the serial number of the battery doesn't fall into the range noted by Apple as having a problem, this is exactly how they would behave, even if it was a manufacturing defect. We've seen time and time again that Apple refuses to fix different product defects until there is such a consumer and media uprising that they have no other choice.

Like AntennaGate?

I think you are getting Apple confused with some other company. I have NEVER had Apple refuse or scrimp on a repair. I have had them swap out temperamental iPods with brand new ones without batting an eye. When my late 2008 MBP battery started to swell, I took it to the Apple store and the Genius said "Well, it certainly should look like that!" and in less than 10 minutes I was out of there with a new battery. When my Mom's out-of-warranty MacBook developed a crack in the case and she took it in for one-on-one training, the Apple rep working with her told her, after her class, to bring it back next week and they would swap the case - which they did.

Apple doesn't have a greater than 90% customer satisfaction rating because they "refuse to fix product defects until there is such a consumer and media uprising" - just about every single time such a "defect" is fussed over, just like the iPhone 4 antenna, it's a non-issue and a bunch of ignorant people running their mouths starting crap.

Quote:

As for batteries failing, I can attest it happens. My brother and I just pulled a battery out of a 2009 13" MacBook Pro today which had swelled to the point where the trackpad was pushed up past the top of the case. When we pulled it out of the case it had swelled to the point where it was a full 1/2 inch taller than it should have been. Apple absolutely refused to replace it without being paid $179. It was the original battery provided by Apple and was clearly defective.

I find that hard to believe based on my own experience. Which "Apple" absolutely refused to replace? Were you at a store?

So you claim. Batteries have caught fire in the past, so it *can* happen.

What's so special about battery controller firmware that x86 code couldn't be stored in it? Code is just bits of data - there's nothing special about x86 or other bits.

Bits are bits.

When you have the demonstrated credentials that he does, your assertions might be worth something. Otherwise you're just a random anonymous voice on the 'net with no cred.

*SIGH* Geez Doc. Cars have crashed in the past too, so don't drive your car anywhere. bsimpsen was being very specific, and unless you can demonstrate that a battery control firmware alteration (at least before Miller has a chance to - if it's possible) can IN FACT cause the battery to malfunction and catch fire, you don't have enough data or facts here to make that statement in relation to this alleged hack. And since we don't know the specifics of the hack (how it is delivered, how it is triggered, what it in fact affects) you are doing an admirable Chicken Little here.

Just because Miller is a popularized tech celeb with a reasonable track record of hacking for security remediation doesn't mean in this case that you have a significant vulnerability. That we will not know until Miller demonstrates the process to do the hack. And speaking of random voices on the internet with no cred, yours is in no better position (nor is mine for that matter), and a moot point at best. However I DO have electronic materials application research in my background and everything that bsimpsen has stated thus far has jibed with what I know of the battery technology in question - so credibility therefore is in the eye (and the technical background) of the beholder.

Moreover, if you understand the systems involved, you would know that the battery system firmware is only part of the total system that controls power management in the Apple (or any) computer. There are a couple of standards-mandated safety checks (and perhaps others by Apple as well) that the system has to support to be a consumer electronic device. Miller is self-admittedly (according to the article) NOT an expert on what the firmware can and cannot do if hacked - he's still messing around with it. He is an OS systems security expert. He is simply, for the purposes of this exercise, extending his expertise into an adjacent area of firmware control that he has not attempted before.

Anyone who has a background in firmware and coding would know that simply putting x86 code into the battery management firmware would be essentially meaningless unless it was executable by that system somehow. So no, categorically, bits are not created equal in this case.

Time to reboot your arguments.

If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one.